Ruby: tests for OrmWriteAccess

Author: alexrford

ruby/ql/test/library-tests/frameworks/Orm.expected

@@ -0,0 +1,16 @@
+| app/controllers/users/users_controller.rb:5:7:5:44 | call to create! | name | app/controllers/users/users_controller.rb:5:26:5:29 | "U1" |
+| app/controllers/users/users_controller.rb:5:7:5:44 | call to create! | uid | app/controllers/users/users_controller.rb:5:37:5:43 | call to get_uid |
+| app/controllers/users/users_controller.rb:6:7:6:29 | call to create | name | app/controllers/users/users_controller.rb:6:25:6:28 | "U2" |
+| app/controllers/users/users_controller.rb:7:7:7:31 | call to insert | name | app/controllers/users/users_controller.rb:7:26:7:29 | "U3" |
+| app/controllers/users/users_controller.rb:10:7:10:32 | call to update | name | app/controllers/users/users_controller.rb:10:28:10:31 | "U4" |
+| app/controllers/users/users_controller.rb:11:7:11:73 | call to update! | name | app/controllers/users/users_controller.rb:11:39:11:42 | "U5" |
+| app/controllers/users/users_controller.rb:11:7:11:73 | call to update! | name | app/controllers/users/users_controller.rb:11:53:11:56 | "U6" |
+| app/controllers/users/users_controller.rb:11:7:11:73 | call to update! | name | app/controllers/users/users_controller.rb:11:67:11:70 | "U7" |
+| app/controllers/users/users_controller.rb:14:7:14:66 | call to insert_all | name | app/controllers/users/users_controller.rb:14:31:14:34 | "U8" |
+| app/controllers/users/users_controller.rb:14:7:14:66 | call to insert_all | name | app/controllers/users/users_controller.rb:14:45:14:48 | "U9" |
+| app/controllers/users/users_controller.rb:14:7:14:66 | call to insert_all | name | app/controllers/users/users_controller.rb:14:59:14:63 | "U10" |
+| app/controllers/users/users_controller.rb:19:7:19:30 | call to update | name | app/controllers/users/users_controller.rb:19:25:19:29 | "U11" |
+| app/controllers/users/users_controller.rb:20:7:20:57 | call to update_attributes | name | app/controllers/users/users_controller.rb:20:37:20:41 | "U12" |
+| app/controllers/users/users_controller.rb:20:7:20:57 | call to update_attributes | uid | app/controllers/users/users_controller.rb:20:49:20:55 | call to get_uid |
+| app/controllers/users/users_controller.rb:23:7:23:42 | call to update_attribute | name | app/controllers/users/users_controller.rb:23:37:23:41 | "U13" |
+| app/controllers/users/users_controller.rb:26:7:26:15 | call to name= | name | app/controllers/users/users_controller.rb:26:19:26:23 | "U14" |

ruby/ql/test/library-tests/frameworks/Orm.ql

@@ -0,0 +1,6 @@
+import codeql.ruby.DataFlow
+import codeql.ruby.Concepts
+
+query predicate ormFieldWrites(OrmWriteAccess acc, string fieldName, DataFlow::Node value) {
+  fieldName = acc.getFieldNameAssignedTo(value)
+}

ruby/ql/test/library-tests/frameworks/app/controllers/users/users_controller.rb

@@ -0,0 +1,34 @@
+module Users
+  class UsersController < ApplicationController
+    def create_or_modify
+      # CreateLikeCall
+      User.create!(name: "U1", uid: get_uid)
+      User.create(name: "U2")
+      User.insert({name: "U3"})
+
+      # UpdateLikeClassMethodCall
+      User.update(4, name: "U4")
+      User.update!([5, 6, 7], [{name: "U5"}, {name: "U6"}, {name: "U7"}])
+
+      # InsertAllLikeCall
+      User.insert_all([{name: "U8"}, {name: "U9"}, {name: "U10"}])
+
+      user = User.find(5)
+
+      # UpdateLikeInstanceMethodCall
+      user.update(name: "U11")
+      user.update_attributes({name: "U12", uid: get_uid})
+
+      # UpdateAttributeCall
+      user.update_attribute("name", "U13")
+
+      # AssignAttributeCall
+      user.name = "U14"
+      user.save
+    end
+
+    def get_uid
+      User.last.id + 1
+    end
+  end
+end

ruby/ql/test/library-tests/frameworks/app/models/application_record.rb

@@ -0,0 +1,3 @@
+class ApplicationRecord < ActiveRecord::Base
+  self.abstract_class = true
+end

ruby/ql/test/library-tests/frameworks/app/models/user.rb

@@ -0,0 +1,2 @@
+class User < ApplicationRecord
+end